remote control over http?

Discussion in 'Computer Support' started by John Dalberg, Nov 15, 2005.

  1. John Dalberg

    John Dalberg Guest

    Are there software for remote control of another computer which work over
    port 80 because of a firewall?

    --
    John Dalberg
     
    John Dalberg, Nov 15, 2005
    #1
    1. Advertising

  2. John Dalberg

    Alt-Ctrl-Del Guest

    "John Dalberg" <2> wrote in message
    news:...
    >
    >
    > Are there software for remote control of another computer which work
    > over
    > port 80 because of a firewall?
    >
    > --
    > John Dalberg


    John, are there software for computer with remote control which work with
    a firewall because of port 80? Is this what you mean.

    Alt
     
    Alt-Ctrl-Del, Nov 15, 2005
    #2
    1. Advertising

  3. John Dalberg

    Duane Arnold Guest

    John Dalberg <2> wrote in
    news::

    >
    >
    > Are there software for remote control of another computer which work over
    > port 80 because of a firewall?
    >


    Yeah, there are Remote Desktop appliactions that will work over HTTP. But
    if you think a FW Admin will not spot that traffic over HTTP and know
    something is up if you're trying to do this from work to home, you would be
    wrong.

    Duane :)
     
    Duane Arnold, Nov 15, 2005
    #3
  4. John Dalberg

    Dan Evans Guest

    "John Dalberg" <2> wrote in message
    news:...
    >
    >
    > Are there software for remote control of another computer which work over
    > port 80 because of a firewall?


    You can change the port number of VNC, PCAnywhere and I'm pretty sure
    Terminal Services as well. It's a registry hack.

    Dan







    .................................................................
    Posted via TITANnews - Uncensored Newsgroups Access
    >>>> at http://www.TitanNews.com <<<<

    -=Every Newsgroup - Anonymous, UNCENSORED, BROADBAND Downloads=-
     
    Dan Evans, Nov 15, 2005
    #4
  5. John Dalberg

    John Dalberg Guest

    On Tue, 15 Nov 2005 07:11:43 GMT, Duane Arnold wrote:

    > John Dalberg <2> wrote in
    > news::
    >
    >>
    >>
    >> Are there software for remote control of another computer which work over
    >> port 80 because of a firewall?
    >>

    >
    > Yeah, there are Remote Desktop appliactions that will work over HTTP. But
    > if you think a FW Admin will not spot that traffic over HTTP and know
    > something is up if you're trying to do this from work to home, you would be
    > wrong.


    Even if the admin spots the traffic, what will be the issue?


    --
    John Dalberg
     
    John Dalberg, Nov 16, 2005
    #5
  6. John Dalberg

    John Dalberg Guest

    On Tue, 15 Nov 2005 10:09:53 +0100, Dan Evans wrote:

    >
    >
    >
    > "John Dalberg" <2> wrote in message
    > news:...
    >>
    >>
    >> Are there software for remote control of another computer which work over
    >> port 80 because of a firewall?

    >
    > You can change the port number of VNC, PCAnywhere and I'm pretty sure
    > Terminal Services as well. It's a registry hack.


    I didn't mention that a web server is running on port 80 so that solutions
    doesn't work. It has to go through a gateway. I found teamviewer.com which
    might work.




    --
    John Dalberg
     
    John Dalberg, Nov 16, 2005
    #6
  7. John Dalberg

    Duane Arnold Guest

    John Dalberg <2> wrote in
    news:1trrqc7x9r7v5.1mcd6ap9biy36$:

    > On Tue, 15 Nov 2005 07:11:43 GMT, Duane Arnold wrote:
    >
    >> John Dalberg <2> wrote in
    >> news::
    >>
    >>>
    >>>
    >>> Are there software for remote control of another computer which work
    >>> over port 80 because of a firewall?
    >>>

    >>
    >> Yeah, there are Remote Desktop appliactions that will work over HTTP.
    >> But if you think a FW Admin will not spot that traffic over HTTP and
    >> know something is up if you're trying to do this from work to home,
    >> you would be wrong.

    >
    > Even if the admin spots the traffic, what will be the issue?
    >
    >


    You are compromising the company's network making contact with your home
    network that has not been approved and is most likely a non secure
    situation. That's the issue. The issue is that you don't have the
    authority to do it or they would have given you that authority to make
    that contact.

    What's so important that you would risk the company's security like that
    and possibly put your job in jeopardy?

    I have seen employees' severely reprimanded or terminated for such
    security breaches. As a matter of fact, I have seen people be terminated
    for a far less security breach on the network than what you want to do.

    Any FW or Network Security Admin worth his or her beans will spot your
    traffic as that is their job with you using a company machine and DHCP IP
    linked to the machine on the company's LAN. They know the LAN IP and the
    remote WAN IP traffic is going to and coming from by looking at the logs.
    And they do review those logs on a routine basis.

    Duane :)
     
    Duane Arnold, Nov 16, 2005
    #7
  8. John Dalberg

    chrispsg Guest

    Any administrator that has 80 available via the internet to a users pc
    should be fired..

    psg
     
    chrispsg, Nov 16, 2005
    #8
  9. John Dalberg

    John Dalberg Guest

    On Wed, 16 Nov 2005 06:30:36 GMT, Duane Arnold wrote:

    > John Dalberg <2> wrote in
    > news:1trrqc7x9r7v5.1mcd6ap9biy36$:
    >
    >> On Tue, 15 Nov 2005 07:11:43 GMT, Duane Arnold wrote:
    >>
    >>> John Dalberg <2> wrote in
    >>> news::
    >>>
    >>>>
    >>>>
    >>>> Are there software for remote control of another computer which work
    >>>> over port 80 because of a firewall?
    >>>>
    >>>
    >>> Yeah, there are Remote Desktop appliactions that will work over HTTP.
    >>> But if you think a FW Admin will not spot that traffic over HTTP and
    >>> know something is up if you're trying to do this from work to home,
    >>> you would be wrong.

    >>
    >> Even if the admin spots the traffic, what will be the issue?
    >>
    >>

    >
    > You are compromising the company's network making contact with your home
    > network that has not been approved and is most likely a non secure
    > situation. That's the issue. The issue is that you don't have the
    > authority to do it or they would have given you that authority to make
    > that contact.
    >
    > What's so important that you would risk the company's security like that
    > and possibly put your job in jeopardy?
    >
    > I have seen employees' severely reprimanded or terminated for such
    > security breaches. As a matter of fact, I have seen people be terminated
    > for a far less security breach on the network than what you want to do.
    >
    > Any FW or Network Security Admin worth his or her beans will spot your
    > traffic as that is their job with you using a company machine and DHCP IP
    > linked to the machine on the company's LAN. They know the LAN IP and the
    > remote WAN IP traffic is going to and coming from by looking at the logs.
    > And they do review those logs on a routine basis.


    I don't believe what you're saying is true technically. When you allow http
    traffic on port 80 that's pretty safe under a browser control. You're
    talking as if we are opening a direct link between two computers and bad
    stuff is going to pass freely from the outside to the inside, which is not
    the case. I work for a bank and we allow webex sessions from the outside to
    troubleshoot issues. It's pretty safe. You have to go through a third party
    gateway.

    Check out totalrc.net. It's IMPOSSIBLE to do any harm to the internal
    network because it's pure http traffic inside a browser with no ActiveX or
    Java or anything installed in the client. Just mappged images that you
    click on to do stuff on the remote server. Technically, in my opinion it's
    a clever way of doing it with total security.


    --
    John Dalberg
     
    John Dalberg, Nov 17, 2005
    #9
  10. John Dalberg

    John Dalberg Guest

    On 15 Nov 2005 22:37:31 -0800, chrispsg wrote:

    > Any administrator that has 80 available via the internet to a users pc
    > should be fired..


    Firewall admins have port 80 http open. That's the case everyone unless
    they don't want users to browse. Are you saying they have it open for ALL
    protocols?


    --
    John Dalberg
     
    John Dalberg, Nov 17, 2005
    #10
  11. John Dalberg

    chrispsg Guest

    No..if inbound 80 is forwarded to a users pc...

    Outbound is ok...when using nat, the request has to originate from the
    internal network. In this case a user can access the web, but anything
    originating from an external source (internet) that tries to connect
    via port 80 will fail unless port 80 is forwarded to the users pc...

    psg
     
    chrispsg, Nov 17, 2005
    #11
  12. John Dalberg

    Duane Arnold Guest

    John Dalberg <2> wrote in
    news:760qtd5rw9k8$.19hhvv2pnsb83$:

    > On Wed, 16 Nov 2005 06:30:36 GMT, Duane Arnold wrote:
    >
    >> John Dalberg <2> wrote in
    >> news:1trrqc7x9r7v5.1mcd6ap9biy36$:
    >>
    >>> On Tue, 15 Nov 2005 07:11:43 GMT, Duane Arnold wrote:
    >>>
    >>>> John Dalberg <2> wrote in
    >>>> news::
    >>>>
    >>>>>
    >>>>>
    >>>>> Are there software for remote control of another computer which
    >>>>> work over port 80 because of a firewall?
    >>>>>
    >>>>
    >>>> Yeah, there are Remote Desktop appliactions that will work over
    >>>> HTTP. But if you think a FW Admin will not spot that traffic over
    >>>> HTTP and know something is up if you're trying to do this from work
    >>>> to home, you would be wrong.
    >>>
    >>> Even if the admin spots the traffic, what will be the issue?
    >>>
    >>>

    >>
    >> You are compromising the company's network making contact with your
    >> home network that has not been approved and is most likely a non
    >> secure situation. That's the issue. The issue is that you don't have
    >> the authority to do it or they would have given you that authority to
    >> make that contact.
    >>
    >> What's so important that you would risk the company's security like
    >> that and possibly put your job in jeopardy?
    >>
    >> I have seen employees' severely reprimanded or terminated for such
    >> security breaches. As a matter of fact, I have seen people be
    >> terminated for a far less security breach on the network than what
    >> you want to do.
    >>
    >> Any FW or Network Security Admin worth his or her beans will spot
    >> your traffic as that is their job with you using a company machine
    >> and DHCP IP linked to the machine on the company's LAN. They know the
    >> LAN IP and the remote WAN IP traffic is going to and coming from by
    >> looking at the logs. And they do review those logs on a routine
    >> basis.

    >
    > I don't believe what you're saying is true technically. When you allow
    > http traffic on port 80 that's pretty safe under a browser control.
    > You're talking as if we are opening a direct link between two
    > computers and bad stuff is going to pass freely from the outside to
    > the inside, which is not the case. I work for a bank and we allow
    > webex sessions from the outside to troubleshoot issues. It's pretty
    > safe. You have to go through a third party gateway.
    >
    > Check out totalrc.net. It's IMPOSSIBLE to do any harm to the internal
    > network because it's pure http traffic inside a browser with no
    > ActiveX or Java or anything installed in the client. Just mappged
    > images that you click on to do stuff on the remote server.
    > Technically, in my opinion it's a clever way of doing it with total
    > security.
    >
    >


    If it's so safe what you're trying to do, then run it by the FW and
    Network Admins and let them give you their opinions instead of you
    snaking around and trying doing it.

    You are there to work and you're on company time. You are not there to do
    what you're trying to do.

    You are making contact and it has NOT been approved for you to make this
    contact. You are there to work.

    At one place I worked, there was this Finance Controller who was making
    contact with porn sites on the company machine during lunch hour. They
    spotted that traffic and the guy was terminated for it.

    Network security install backdoors on company computers and they sit
    there and watch workers at those workstations watching every move the
    employee makes and I have seen this. Many companies are aware of the mis-
    use of the company machine on company time and they are watching.

    You have not been given the authorization to do it and they will spot you
    and you can count on it.

    So, you go right ahead and make that unauthorized contact with your home
    network.

    You may regret that you did it.

    I got rolled on the carpet for doing it and thank God they did terminate
    me at the time.

    Duane :)
     
    Duane Arnold, Nov 17, 2005
    #12
  13. John Dalberg

    chrispsg Guest

    John,

    Nothing is "safe" from a remote source. I also work for a bank and
    inbound
    traffic is restricted. If we need remote support from a software
    manufacturer we use a program that can initate the request. Such as
    pcanywhere. We initiate the connection via a dialup host. Any other
    time
    the modem is switched off.

    I would not let this happen in my environment unless it was via a
    secure
    channel..pix to pix vpn for example. I think FFIEC auditors would say
    the
    same...

    totalrc.net states that they do not use encryption for the
    connection...I
    wouldnt say it's impossible to cause harm.
     
    chrispsg, Nov 17, 2005
    #13
  14. John Dalberg

    Duane Arnold Guest

    John Dalberg <2> wrote in
    news:760qtd5rw9k8$.19hhvv2pnsb83$:

    > On Wed, 16 Nov 2005 06:30:36 GMT, Duane Arnold wrote:
    >
    >> John Dalberg <2> wrote in
    >> news:1trrqc7x9r7v5.1mcd6ap9biy36$:
    >>
    >>> On Tue, 15 Nov 2005 07:11:43 GMT, Duane Arnold wrote:
    >>>
    >>>> John Dalberg <2> wrote in
    >>>> news::
    >>>>
    >>>>>
    >>>>>
    >>>>> Are there software for remote control of another computer which
    >>>>> work over port 80 because of a firewall?
    >>>>>
    >>>>
    >>>> Yeah, there are Remote Desktop appliactions that will work over
    >>>> HTTP. But if you think a FW Admin will not spot that traffic over
    >>>> HTTP and know something is up if you're trying to do this from work
    >>>> to home, you would be wrong.
    >>>
    >>> Even if the admin spots the traffic, what will be the issue?
    >>>
    >>>

    >>
    >> You are compromising the company's network making contact with your
    >> home network that has not been approved and is most likely a non
    >> secure situation. That's the issue. The issue is that you don't have
    >> the authority to do it or they would have given you that authority to
    >> make that contact.
    >>
    >> What's so important that you would risk the company's security like
    >> that and possibly put your job in jeopardy?
    >>
    >> I have seen employees' severely reprimanded or terminated for such
    >> security breaches. As a matter of fact, I have seen people be
    >> terminated for a far less security breach on the network than what
    >> you want to do.
    >>
    >> Any FW or Network Security Admin worth his or her beans will spot
    >> your traffic as that is their job with you using a company machine
    >> and DHCP IP linked to the machine on the company's LAN. They know the
    >> LAN IP and the remote WAN IP traffic is going to and coming from by
    >> looking at the logs. And they do review those logs on a routine
    >> basis.

    >
    > I don't believe what you're saying is true technically. When you allow
    > http traffic on port 80 that's pretty safe under a browser control.
    > You're talking as if we are opening a direct link between two
    > computers and bad stuff is going to pass freely from the outside to
    > the inside, which is not the case. I work for a bank and we allow
    > webex sessions from the outside to troubleshoot issues. It's pretty
    > safe. You have to go through a third party gateway.
    >
    > Check out totalrc.net. It's IMPOSSIBLE to do any harm to the internal
    > network because it's pure http traffic inside a browser with no
    > ActiveX or Java or anything installed in the client. Just mappged
    > images that you click on to do stuff on the remote server.
    > Technically, in my opinion it's a clever way of doing it with total
    > security.
    >
    >


    A correction

    <I got rolled on the carpet for doing it and thank God they didn't
    terminate me at the time.>

    Duane :)
     
    Duane Arnold, Nov 17, 2005
    #14
  15. John Dalberg

    John Dalberg Guest

    On 17 Nov 2005 09:00:58 -0800, chrispsg wrote:

    > John,
    >
    > Nothing is "safe" from a remote source. I also work for a bank and
    > inbound
    > traffic is restricted. If we need remote support from a software
    > manufacturer we use a program that can initate the request. Such as
    > pcanywhere. We initiate the connection via a dialup host. Any other
    > time
    > the modem is switched off.


    I am initiating the connection. It's an outbound connection. The software
    is not in host mode so it can't accept connections. It's used only when I
    am online and at the desk.


    >
    > totalrc.net states that they do not use encryption for the
    > connection...I
    > wouldnt say it's impossible to cause harm.


    totalrc uses SSL. It's encrypted. Even if it's not using SSL, the
    initiating browser doesn't have anything installed in it so it's just html
    which means it's safe. The only security problem is someone sniffing the
    traffic and figuring out the username and password of the remote system.


    --
    John Dalberg
     
    John Dalberg, Nov 18, 2005
    #15
  16. John Dalberg

    John Dalberg Guest

    On Thu, 17 Nov 2005 20:41:43 GMT, Duane Arnold wrote:

    > John Dalberg <2> wrote in
    > news:760qtd5rw9k8$.19hhvv2pnsb83$:
    >
    >> On Wed, 16 Nov 2005 06:30:36 GMT, Duane Arnold wrote:
    >>
    >>> John Dalberg <2> wrote in
    >>> news:1trrqc7x9r7v5.1mcd6ap9biy36$:
    >>>
    >>>> On Tue, 15 Nov 2005 07:11:43 GMT, Duane Arnold wrote:
    >>>>
    >>>>> John Dalberg <2> wrote in
    >>>>> news::
    >>>>>
    >>>>>>
    >>>>>>
    >>>>>> Are there software for remote control of another computer which
    >>>>>> work over port 80 because of a firewall?
    >>>>>>
    >>>>>
    >>>>> Yeah, there are Remote Desktop appliactions that will work over
    >>>>> HTTP. But if you think a FW Admin will not spot that traffic over
    >>>>> HTTP and know something is up if you're trying to do this from work
    >>>>> to home, you would be wrong.
    >>>>
    >>>> Even if the admin spots the traffic, what will be the issue?
    >>>>
    >>>>
    >>>
    >>> You are compromising the company's network making contact with your
    >>> home network that has not been approved and is most likely a non
    >>> secure situation. That's the issue. The issue is that you don't have
    >>> the authority to do it or they would have given you that authority to
    >>> make that contact.
    >>>
    >>> What's so important that you would risk the company's security like
    >>> that and possibly put your job in jeopardy?
    >>>
    >>> I have seen employees' severely reprimanded or terminated for such
    >>> security breaches. As a matter of fact, I have seen people be
    >>> terminated for a far less security breach on the network than what
    >>> you want to do.
    >>>
    >>> Any FW or Network Security Admin worth his or her beans will spot
    >>> your traffic as that is their job with you using a company machine
    >>> and DHCP IP linked to the machine on the company's LAN. They know the
    >>> LAN IP and the remote WAN IP traffic is going to and coming from by
    >>> looking at the logs. And they do review those logs on a routine
    >>> basis.

    >>
    >> I don't believe what you're saying is true technically. When you allow
    >> http traffic on port 80 that's pretty safe under a browser control.
    >> You're talking as if we are opening a direct link between two
    >> computers and bad stuff is going to pass freely from the outside to
    >> the inside, which is not the case. I work for a bank and we allow
    >> webex sessions from the outside to troubleshoot issues. It's pretty
    >> safe. You have to go through a third party gateway.
    >>
    >> Check out totalrc.net. It's IMPOSSIBLE to do any harm to the internal
    >> network because it's pure http traffic inside a browser with no
    >> ActiveX or Java or anything installed in the client. Just mappged
    >> images that you click on to do stuff on the remote server.
    >> Technically, in my opinion it's a clever way of doing it with total
    >> security.
    >>
    >>

    >
    > A correction
    >
    > <I got rolled on the carpet for doing it and thank God they didn't
    > terminate me at the time.>


    What did you do that made them be able to spot you?


    --
    John Dalberg
     
    John Dalberg, Nov 18, 2005
    #16
  17. John Dalberg

    John Dalberg Guest

    On Thu, 17 Nov 2005 08:57:25 GMT, Duane Arnold wrote:

    > John Dalberg <2> wrote in
    > news:760qtd5rw9k8$.19hhvv2pnsb83$:
    >
    >> On Wed, 16 Nov 2005 06:30:36 GMT, Duane Arnold wrote:
    >>
    >>> John Dalberg <2> wrote in
    >>> news:1trrqc7x9r7v5.1mcd6ap9biy36$:
    >>>
    >>>> On Tue, 15 Nov 2005 07:11:43 GMT, Duane Arnold wrote:
    >>>>
    >>>>> John Dalberg <2> wrote in
    >>>>> news::
    >>>>>
    >>>>>>
    >>>>>>
    >>>>>> Are there software for remote control of another computer which
    >>>>>> work over port 80 because of a firewall?
    >>>>>>
    >>>>>
    >>>>> Yeah, there are Remote Desktop appliactions that will work over
    >>>>> HTTP. But if you think a FW Admin will not spot that traffic over
    >>>>> HTTP and know something is up if you're trying to do this from work
    >>>>> to home, you would be wrong.
    >>>>
    >>>> Even if the admin spots the traffic, what will be the issue?
    >>>>
    >>>>
    >>>
    >>> You are compromising the company's network making contact with your
    >>> home network that has not been approved and is most likely a non
    >>> secure situation. That's the issue. The issue is that you don't have
    >>> the authority to do it or they would have given you that authority to
    >>> make that contact.
    >>>
    >>> What's so important that you would risk the company's security like
    >>> that and possibly put your job in jeopardy?
    >>>
    >>> I have seen employees' severely reprimanded or terminated for such
    >>> security breaches. As a matter of fact, I have seen people be
    >>> terminated for a far less security breach on the network than what
    >>> you want to do.
    >>>
    >>> Any FW or Network Security Admin worth his or her beans will spot
    >>> your traffic as that is their job with you using a company machine
    >>> and DHCP IP linked to the machine on the company's LAN. They know the
    >>> LAN IP and the remote WAN IP traffic is going to and coming from by
    >>> looking at the logs. And they do review those logs on a routine
    >>> basis.

    >>
    >> I don't believe what you're saying is true technically. When you allow
    >> http traffic on port 80 that's pretty safe under a browser control.
    >> You're talking as if we are opening a direct link between two
    >> computers and bad stuff is going to pass freely from the outside to
    >> the inside, which is not the case. I work for a bank and we allow
    >> webex sessions from the outside to troubleshoot issues. It's pretty
    >> safe. You have to go through a third party gateway.
    >>
    >> Check out totalrc.net. It's IMPOSSIBLE to do any harm to the internal
    >> network because it's pure http traffic inside a browser with no
    >> ActiveX or Java or anything installed in the client. Just mappged
    >> images that you click on to do stuff on the remote server.
    >> Technically, in my opinion it's a clever way of doing it with total
    >> security.
    >>
    >>

    >
    > If it's so safe what you're trying to do, then run it by the FW and
    > Network Admins and let them give you their opinions instead of you
    > snaking around and trying doing it.
    >
    > You are there to work and you're on company time. You are not there to do
    > what you're trying to do.
    >
    > You are making contact and it has NOT been approved for you to make this
    > contact. You are there to work.
    >
    > At one place I worked, there was this Finance Controller who was making
    > contact with porn sites on the company machine during lunch hour. They
    > spotted that traffic and the guy was terminated for it.
    >
    > Network security install backdoors on company computers and they sit
    > there and watch workers at those workstations watching every move the
    > employee makes and I have seen this. Many companies are aware of the mis-
    > use of the company machine on company time and they are watching.
    >
    > You have not been given the authorization to do it and they will spot you
    > and you can count on it.
    >
    > So, you go right ahead and make that unauthorized contact with your home
    > network.
    >
    > You may regret that you did it.
    >
    > I got rolled on the carpet for doing it and thank God they did terminate
    > me at the time.


    Because some FW admins are paraoid or retarded. If if they don't understand
    what I am trying to do, they will say NO without giving a convincing reason
    just to end the discussion becaause they're not sure what might happen and
    they want to jsut be safe.

    I have worked for many companies and used opened ports to connect to
    outside servers. Nothing happened. Firewall admins are busy trying to
    protect computers from outside attacks. Not from inside to the outside. You
    don't get viruses, worms or whatever by using a remote control software
    like pcanywhere.

    As for porn sites, it's easy to spot these using content filtering software
    and hardware. It's stupid to go to 'illegal' sites at work because these
    domain names/ip addresses are on blacklists.

    You're reading from the employee manual. I am aware of the risks and the
    mumbo jumbo and that's not the point of my post. I am looking for some
    software.


    --
    John Dalberg
     
    John Dalberg, Nov 18, 2005
    #17
  18. John Dalberg

    Duane Arnold Guest

    John Dalberg <2> wrote in news:1cmfdlfl2zv9g
    $:

    > On Thu, 17 Nov 2005 20:41:43 GMT, Duane Arnold wrote:
    >
    >> John Dalberg <2> wrote in
    >> news:760qtd5rw9k8$.19hhvv2pnsb83$:
    >>
    >>> On Wed, 16 Nov 2005 06:30:36 GMT, Duane Arnold wrote:
    >>>
    >>>> John Dalberg <2> wrote in
    >>>> news:1trrqc7x9r7v5.1mcd6ap9biy36$:
    >>>>
    >>>>> On Tue, 15 Nov 2005 07:11:43 GMT, Duane Arnold wrote:
    >>>>>
    >>>>>> John Dalberg <2> wrote in
    >>>>>> news::
    >>>>>>
    >>>>>>>
    >>>>>>>
    >>>>>>> Are there software for remote control of another computer which
    >>>>>>> work over port 80 because of a firewall?
    >>>>>>>
    >>>>>>
    >>>>>> Yeah, there are Remote Desktop appliactions that will work over
    >>>>>> HTTP. But if you think a FW Admin will not spot that traffic over
    >>>>>> HTTP and know something is up if you're trying to do this from work
    >>>>>> to home, you would be wrong.
    >>>>>
    >>>>> Even if the admin spots the traffic, what will be the issue?
    >>>>>
    >>>>>
    >>>>
    >>>> You are compromising the company's network making contact with your
    >>>> home network that has not been approved and is most likely a non
    >>>> secure situation. That's the issue. The issue is that you don't have
    >>>> the authority to do it or they would have given you that authority to
    >>>> make that contact.
    >>>>
    >>>> What's so important that you would risk the company's security like
    >>>> that and possibly put your job in jeopardy?
    >>>>
    >>>> I have seen employees' severely reprimanded or terminated for such
    >>>> security breaches. As a matter of fact, I have seen people be
    >>>> terminated for a far less security breach on the network than what
    >>>> you want to do.
    >>>>
    >>>> Any FW or Network Security Admin worth his or her beans will spot
    >>>> your traffic as that is their job with you using a company machine
    >>>> and DHCP IP linked to the machine on the company's LAN. They know the
    >>>> LAN IP and the remote WAN IP traffic is going to and coming from by
    >>>> looking at the logs. And they do review those logs on a routine
    >>>> basis.
    >>>
    >>> I don't believe what you're saying is true technically. When you allow
    >>> http traffic on port 80 that's pretty safe under a browser control.
    >>> You're talking as if we are opening a direct link between two
    >>> computers and bad stuff is going to pass freely from the outside to
    >>> the inside, which is not the case. I work for a bank and we allow
    >>> webex sessions from the outside to troubleshoot issues. It's pretty
    >>> safe. You have to go through a third party gateway.
    >>>
    >>> Check out totalrc.net. It's IMPOSSIBLE to do any harm to the internal
    >>> network because it's pure http traffic inside a browser with no
    >>> ActiveX or Java or anything installed in the client. Just mappged
    >>> images that you click on to do stuff on the remote server.
    >>> Technically, in my opinion it's a clever way of doing it with total
    >>> security.
    >>>
    >>>

    >>
    >> A correction
    >>
    >> <I got rolled on the carpet for doing it and thank God they didn't
    >> terminate me at the time.>

    >
    > What did you do that made them be able to spot you?
    >
    >


    What part of this don't you understand?

    Any inbound or outbound traffic to/from the company network on any TCP or
    UDP port is being logged by the company's FW. You cannot disguise that
    traffic. The log shows the remote WAN IP and LAN IP for to/from traffic,
    along with date and time of the connections. These logs are kept on a daily
    basis for month's worth of data. They can run reports against that log data
    and produce a report or reports showing what kind of traffic activity by IP
    (s) and cross correlate data to determine suspicious activity.

    I had permission to use the remote desktop application to connect to any
    company machine around the world to diagnose application problems on the
    applications I supported. What I didn't have permission to do was connect
    to my home network and they spotted that traffic. They set FW rules to
    block any inbound or outbound traffic with my ISP's domain on any port and
    that killed my activities and then I was rolled on the carpet.

    You think that they cannot stop inbound or outbound traffic to your ISP's
    domain. You think that they cannot determine that traffic is going to an
    ISP's domain from a company machine that has a company DHCP IP assigned to
    it and track it back to you. You would be wrong. You can use port 80 all
    you want. But it's their job to track traffic to and from the company's
    network and protect the company's interest whether that be someone trying
    to hack the network or mis-use a company machine, on the company network
    and accessing the Internet.

    And on top of that, you're trying to do this on a financial institution's
    network. You're asking for trouble. :)

    Duane :)
     
    Duane Arnold, Nov 18, 2005
    #18
  19. John Dalberg

    Duane Arnold Guest

    John Dalberg <2> wrote in
    news:nadav4ztk7zw.1ju7nakq61sij$:

    > On Thu, 17 Nov 2005 08:57:25 GMT, Duane Arnold wrote:
    >
    >> John Dalberg <2> wrote in
    >> news:760qtd5rw9k8$.19hhvv2pnsb83$:
    >>
    >>> On Wed, 16 Nov 2005 06:30:36 GMT, Duane Arnold wrote:
    >>>
    >>>> John Dalberg <2> wrote in
    >>>> news:1trrqc7x9r7v5.1mcd6ap9biy36$:
    >>>>
    >>>>> On Tue, 15 Nov 2005 07:11:43 GMT, Duane Arnold wrote:
    >>>>>
    >>>>>> John Dalberg <2> wrote in
    >>>>>> news::
    >>>>>>
    >>>>>>>
    >>>>>>>
    >>>>>>> Are there software for remote control of another computer which
    >>>>>>> work over port 80 because of a firewall?
    >>>>>>>
    >>>>>>
    >>>>>> Yeah, there are Remote Desktop appliactions that will work over
    >>>>>> HTTP. But if you think a FW Admin will not spot that traffic over
    >>>>>> HTTP and know something is up if you're trying to do this from
    >>>>>> work to home, you would be wrong.
    >>>>>
    >>>>> Even if the admin spots the traffic, what will be the issue?
    >>>>>
    >>>>>
    >>>>
    >>>> You are compromising the company's network making contact with your
    >>>> home network that has not been approved and is most likely a non
    >>>> secure situation. That's the issue. The issue is that you don't
    >>>> have the authority to do it or they would have given you that
    >>>> authority to make that contact.
    >>>>
    >>>> What's so important that you would risk the company's security like
    >>>> that and possibly put your job in jeopardy?
    >>>>
    >>>> I have seen employees' severely reprimanded or terminated for such
    >>>> security breaches. As a matter of fact, I have seen people be
    >>>> terminated for a far less security breach on the network than what
    >>>> you want to do.
    >>>>
    >>>> Any FW or Network Security Admin worth his or her beans will spot
    >>>> your traffic as that is their job with you using a company machine
    >>>> and DHCP IP linked to the machine on the company's LAN. They know
    >>>> the LAN IP and the remote WAN IP traffic is going to and coming
    >>>> from by looking at the logs. And they do review those logs on a
    >>>> routine basis.
    >>>
    >>> I don't believe what you're saying is true technically. When you
    >>> allow http traffic on port 80 that's pretty safe under a browser
    >>> control. You're talking as if we are opening a direct link between
    >>> two computers and bad stuff is going to pass freely from the outside
    >>> to the inside, which is not the case. I work for a bank and we allow
    >>> webex sessions from the outside to troubleshoot issues. It's pretty
    >>> safe. You have to go through a third party gateway.
    >>>
    >>> Check out totalrc.net. It's IMPOSSIBLE to do any harm to the
    >>> internal network because it's pure http traffic inside a browser
    >>> with no ActiveX or Java or anything installed in the client. Just
    >>> mappged images that you click on to do stuff on the remote server.
    >>> Technically, in my opinion it's a clever way of doing it with total
    >>> security.
    >>>
    >>>

    >>
    >> If it's so safe what you're trying to do, then run it by the FW and
    >> Network Admins and let them give you their opinions instead of you
    >> snaking around and trying doing it.
    >>
    >> You are there to work and you're on company time. You are not there
    >> to do what you're trying to do.
    >>
    >> You are making contact and it has NOT been approved for you to make
    >> this contact. You are there to work.
    >>
    >> At one place I worked, there was this Finance Controller who was
    >> making contact with porn sites on the company machine during lunch
    >> hour. They spotted that traffic and the guy was terminated for it.
    >>
    >> Network security install backdoors on company computers and they sit
    >> there and watch workers at those workstations watching every move the
    >> employee makes and I have seen this. Many companies are aware of the
    >> mis- use of the company machine on company time and they are
    >> watching.
    >>
    >> You have not been given the authorization to do it and they will spot
    >> you and you can count on it.
    >>
    >> So, you go right ahead and make that unauthorized contact with your
    >> home network.
    >>
    >> You may regret that you did it.
    >>
    >> I got rolled on the carpet for doing it and thank God they did
    >> terminate me at the time.

    >
    > Because some FW admins are paraoid or retarded. If if they don't
    > understand what I am trying to do, they will say NO without giving a
    > convincing reason just to end the discussion becaause they're not sure
    > what might happen and they want to jsut be safe.



    They are doing the job the company has hired them to do, which is to
    protect the company's intrest.

    Not under any circumstances should you be trying to make contact with
    your home network unless you have a valid reason to be doing so on the
    behalf of the company.

    If you don't have that valid reason and you don't have that permission to
    do so and you do it, you're in the wrong if you are caught.

    It's as simple as that and it is grounds to be severely reprimanded or
    terminated.

    You are trying to do something that you're not supposed to be doing and
    you're using the company's equipment, time the company is paying for you
    to be doing your job and not mis-use the company.

    Companies frown on employees that buck the system or mis-use the company
    and they can and will take care of the situation by any means necessary.

    All you have to do is get in that bad light and see what happens to you.

    Whatelse can I say? It's your situation and not mine and you do what you
    feel is best for you to do.

    Duane :)
     
    Duane Arnold, Nov 18, 2005
    #19
  20. John Dalberg

    Duane Arnold Guest


    > I have worked for many companies and used opened ports to connect to
    > outside servers. Nothing happened. Firewall admins are busy trying to
    > protect computers from outside attacks.


    They are not trying to protect computers. They are protecting the
    company's network and the company's interest it is an Internet/Network FW
    they are working with and not some personal FW on a machine protecting a
    machine.

    And people are not as stupid as you make them out to be.

    And I have worked for many companies as well.
    ..

    > Not from inside to the
    > outside. You don't get viruses, worms or whatever by using a remote
    > control software like pcanywhere.


    The last time I looked and used pcanywhere, it has a feature to xfer
    files from the host to the client and client to host and I have used it
    to xfer all kinds of files such a program executables that could be
    infected on one machine and xfered them to another machine. So what
    you're saying above, I am not buying it. As there is nothing to stop one
    from xfering files if one chooses to do so infected or not infected.

    Companies are more easily attacked by employees behind the FW than can
    ever be done from some outside intruder. They are already *behind* the
    FW.

    FW and Network admins are becoming more and more aware of what's happing
    behind the FW.
    >
    > As for porn sites, it's easy to spot these using content filtering
    > software and hardware. It's stupid to go to 'illegal' sites at work
    > because these domain names/ip addresses are on blacklists.


    The same thing can be applied to ISP's as well. I got a WatchGuard at
    home and know all about that. And as far as I am concerned, your point is
    moot.

    >
    > You're reading from the employee manual. I am aware of the risks and
    > the mumbo jumbo and that's not the point of my post. I am looking for
    > some software.


    No I am using common sense and have seen what happens to employees that
    think they can buck the system and do what they want and not think that
    something cannot happen to them or they cannot be caught.

    If you're looking for this software, then drop a post in a FW and
    Security NG maybe they can advise you. :)

    Duane :)
     
    Duane Arnold, Nov 18, 2005
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. a.nonny mouse
    Replies:
    2
    Views:
    1,192
  2. Scott
    Replies:
    1
    Views:
    8,982
    ScottF
    Aug 4, 2004
  3. Mike
    Replies:
    0
    Views:
    3,730
  4. Theo Markettos

    VOIP over VPN over TCP over WAP over 3G

    Theo Markettos, Feb 3, 2008, in forum: UK VOIP
    Replies:
    2
    Views:
    1,090
    Theo Markettos
    Feb 14, 2008
  5. milan_9211

    HTTP SOAP/HTTP GET/HTTP POST

    milan_9211, Jan 10, 2011, in forum: Software
    Replies:
    0
    Views:
    3,222
    milan_9211
    Jan 10, 2011
Loading...

Share This Page